This week we will be speaking with Keith Bromley and Recep Ozdag, Senior Manager of Solutions Marketing and VP of Product Management of IXIA, respectively.

Network visibility is an often overlooked but critically important activity for IT. Visibility is what enables you to quickly isolate security threats and resolve performance issues, ultimately ensuring the best possible end-user experience. A proper visibility architecture addresses the strategic end-to-end monitoring goals of the network, whether they are physical, virtual, out-of-band, or inline security visibility.

Join us for the first of several discussions to learn what a visibility architecture is and how it can help you optimize network data capture and analysis.

For many network and security professionals, analyzing network packets for troubleshooting and security investigation is a daily routine. One of the most common actions in the analysis is to “follow” a TCP session, that is, to display all the packets belonging to that TCP session.

It's well known that a TCP session consists of all the TCP packets that share the same tuple: from a client IP and port to a server IP and port or, conversely, from that server IP and port back to the client IP and port. Many professionals will likely assume that the same principle works for UDP, but unfortunately that is not the case. A UDP session is defined only by the client IP and port. As a result, packets from the same UDP session can go to, or come from, different server IP and port pairs.

Some readers may wonder why UDP sessions work this way. The answer lies in network programming: when an application needs to communicate using UDP, it binds to a local IP and port. After the binding, this socket can send to and receive from any server IP and port pair. In other words, all the packets from or to the local IP and port belong to the same UDP-based application.
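The difference described above, as an added example that is not part of the original post: a tuple-based "follow" applied to UDP misses what the same bound socket exchanges with a second server, while keying on the client IP and port keeps the session together. The packet records, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample packets (not from a real capture).
Pkt = namedtuple("Pkt", "no proto src sport dst dport")
PACKETS = [
    Pkt(1, "udp", "10.0.0.5", 40000, "192.0.2.10", 3478),     # client -> server A
    Pkt(2, "udp", "192.0.2.10", 3478, "10.0.0.5", 40000),     # server A -> client
    Pkt(3, "udp", "10.0.0.5", 40000, "198.51.100.7", 50000),  # same socket -> server B
    Pkt(4, "udp", "198.51.100.7", 50000, "10.0.0.5", 40000),  # server B -> client
    Pkt(5, "udp", "10.0.0.9", 40000, "192.0.2.10", 3478),     # a different client
    Pkt(6, "tcp", "10.0.0.5", 51000, "192.0.2.10", 443),      # TCP session 1
    Pkt(7, "tcp", "192.0.2.10", 443, "10.0.0.5", 51000),      # TCP session 1, reply
    Pkt(8, "tcp", "10.0.0.5", 51001, "192.0.2.10", 443),      # TCP session 2
]


def tuple_key(p):
    """Direction-independent key: both directions of a flow map to the same value."""
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))


def follow_by_tuple(packets, selected):
    """TCP-style follow: every packet sharing the selected packet's tuple."""
    key = tuple_key(selected)
    return [p.no for p in packets if tuple_key(p) == key]


def follow_udp(packets, client_ip, client_port):
    """UDP follow: every UDP packet to or from the client's bound IP and port,
    whatever the remote IP and port are."""
    client = (client_ip, client_port)
    return [
        p.no
        for p in packets
        if p.proto == "udp" and client in ((p.src, p.sport), (p.dst, p.dport))
    ]


if __name__ == "__main__":
    print("TCP follow from packet 6:       ", follow_by_tuple(PACKETS, PACKETS[5]))
    print("Tuple follow on UDP packet 1:   ", follow_by_tuple(PACKETS, PACKETS[0]))
    print("UDP follow on 10.0.0.5:40000:   ", follow_udp(PACKETS, "10.0.0.5", 40000))
```
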

Enterprise security teams devote an incredible amount of resources to monitoring and defending their networks. Everyone knows there are professional-grade tools that can monitor networks 24x7, providing detailed information about usage as well as enabling the in-depth examination of captured traffic once an Intrusion Detection System (IDS) has identified an activity that needs to be investigated.

Given the amount of success that attackers are having in penetrating network defenses and the deluge of alerts and alarms network teams deal with from IDS on a daily basis, enterprises are in need of better tools and training to go beyond the typical prevention, detection and response security protocols to effectively deal with incident response.

In today’s world, intelligent packet capture is the answer. Most modern forensic investigation (FI) solutions enable network security teams to capture and save a historical record of network activities that occur from the moment an attack is detected. But one common weakness in existing forensic investigation solutions is that they don’t provide critical packet-level data from the period of time immediately BEFORE attacks are detected.

It has been reported that the Chinese government has successfully hacked our Office of Personnel Management, stealing private information belonging to over four million Federal workers.

This is the same Communist-sponsored hacker group that was responsible for the attack earlier this year on the Anthem Insurance company, our nation's second largest insurance company, stealing similar private data belonging to 80 million Americans.

It is further reported that the Chinese government's ultimate intent is to build a complete database covering every single one of our citizens. One can only imagine the evil intent behind such an overt intrusion.

Where is the outage?

Please join Tim O'Neill and Denny K Miu for a lively discussion this week, which, unlike previous "LMTV HomeLAN Alerts" shows, will be less about vendor-neutral technology and more about international geopolitics.

Sheeps be warned.

To help us build our community, please share this live event with your fellow professionals on LinkedIn. For more episodes of LMTV, please visit LoveMyTool.TV or LMTV Sharkfest.

John has extensive security and networking experience, having worked as a Principal Engineer for several years with Digital Equipment Corporation in Ireland, the UK and the US. He has worked on a number of high-speed network interconnect projects in the past, specializing in low-level kernel programming.

John's company, NetFort, which is a new sponsor of LoveMyTool, specializes in the network and user activity monitoring market and has built up an impressive portfolio of customers around the world.